173 matches found
CVE-2021-26762
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php...
emlog SQL Injection Vulnerability
emlog is a powerful blog and CMS builder based on PHP and MySQL. A SQL injection vulnerability exists in emlog version 6.0.0-stable. An attacker can exploit this vulnerability to execute arbitrary SQL statements and query sensitive server data via admin/navbar.php?action=addpage...
SQL Injection
storage-jdbc-hikaricp-plugin is vulnerable to SQL injection. The wildcard query cases when using H2/MySQL/TiDB allows an attacker to inject and execute arbitrary SQL statements...
TikiWiki Project SQL Injection (CVE-2004-1925)
An SQL injection vulnerability exists in TikiWiki Project. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
SQL Injection
fluidtypo3/vhs is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements via isLanguageViewHelper in the vhs extension...
Accellion FTA SQL injection (CVE-2021-27101)
An SQL injection vulnerability exists in Accellion FTA. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Seat-Reservation-System SQL Injection Vulnerability
Seat-Reservation-System is a seat reservation system. A SQL injection vulnerability exists in Seat-Reservation-System 1.0. The vulnerability is caused by the id and file parameters in the index.php file not being input/output filtered for special characters. An attacker can exploit this...
QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID
Summary: The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the DOCID parameter on the TAktifBankObject operation GetOrder to inject arbitrary SQL statements into...
SQL Injection
spring-cloud-task-core is vulnerable to SQL injection. Lack of validation of the value that is passed via a PageRequest into the JdbcTaskExecutionDao potentially allows for execution of arbitrary SQL statements...
NAPC Xinet Elegant 6 Asset Library SQL injection (CVE-2019-19245)
An SQL injection vulnerability exists in NAPC Xinet Elegant 6 Asset Library. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Octeth Oempro SQL injection (CVE-2019-19740)
An SQL injection vulnerability exists in Octeth Oempro. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
SQL Injection
apache-superset is vulnerable to SQL injection. The vulnerability allows an attacker to inject and execute arbitrary SQL statements using invalid column names in groupby, columns, filters, or metrics queries...
SQL Injection
dolibarr/dolibarr is vulnerable to SQL injection. The vulnerability exists as the id parameter type was not enforced to the int type, and could be used to inject and execute arbitrary SQL statements...
SQL Injection
@nozbe/watermelondb is vulnerable to SQL Injection. A remote attacker is able to inject and execute arbitrary SQL statements via the id parameter...
Oracle E-Business Suite SQL Injection (CVE-2020-2586; CVE-2020-2587)
An SQL injection vulnerability exists in Oracle E-Business Suite. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements with the privileges of the APPS database user...
SQL Injection
phpmyadmin/phpmyadmin is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements to insert malicious values containing JavaScript into the database. When displayed in a user's browser, the JavaScript executes in the context of the user...
QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"
Summary: The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the ID parameter to inject arbitrary SQL statements into the underlying prepared statement. This leads ...
SQL Injection
django is vulnerable to SQL injection. Lack of adequate validation and sanitization of the tolerance parameter allows an attacker to inject and execute arbitrary SQL statements in the database...
SQL Injection
@azhou/basemodel is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements via the orderBy variable...
SQL Injection
centreon/centreon is vulnerable to SQL Injection. The vulnerability exists as several values in multiple monitoring pages were not properly validated, allowing an attacker to inject and execute arbitrary SQL statements...